Re: Deploying UAA for external users #uaa #cf


Jonathan Matthews <contact+cfdev@...>
 

On Tue, 21 Jul 2020 at 14:07, Shetty, Viraj S [CTR] via lists.cloudfoundry.org <vshetty=fdic.gov@...> wrote:
> Thanks Enrique. We are deploying UAA in cloud.gov for our agency and it will be used by applications deployed in cloud.gov for our agency. I can add an nginx proxy in front but I think I should be able to filter IP addresses with Spring or in the web.xml

Just in case this is useful to you, I suggest taking a look at the CF (hence probably also cloud.gov) feature called “Route Services”. 

Using this platform feature would allow you to deploy a vanilla UAA and decouple it (as an app) from its layer 4 / layer 7 protection.

Nginx can be used as a WAF in that topology, as can HAProxy or anything else reverse-proxy-ish.

Personally, I’d choose that over relying on a block-/allow-list feature in the UAA itself, where you’d be dependent both on the feature’s presence and its correctness with no regressions over time.

My 2¢ :-)

Jonathan
--
Jonathan Matthews
https://jpluscplusm.com
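
An added example, not part of the original message or of any Cloud Foundry code: a minimal Go route service for the topology described above, applying an IP allow-list before forwarding to the app behind it. It relies on the `X-CF-Forwarded-Url` header the CF router sends to route services; the names `allowed` and `filter`, the `trustedHops` value of 1 and the 203.0.113.0/24 range are hypothetical and deployment-specific.

```go
package main
import (
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

// allowed checks the X-Forwarded-For entry trustedHops from the right against
// nets. Entries further left are client-supplied and can be spoofed.
func allowed(xff string, trustedHops int, nets []*net.IPNet) bool {
	parts := strings.Split(xff, ",")
	i := len(parts) - 1 - trustedHops
	if i < 0 {
		return false
	}
	ip := net.ParseIP(strings.TrimSpace(parts[i]))
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// filter rejects callers outside nets, then forwards to the router-supplied URL.
func filter(nets []*net.IPNet, trustedHops int) http.Handler {
	proxy := &httputil.ReverseProxy{Director: func(r *http.Request) {
		// X-CF-Proxy-Signature and X-CF-Proxy-Metadata pass through unchanged.
		u, _ := url.Parse(r.Header.Get("X-CF-Forwarded-Url")) // validated below
		r.URL, r.Host = u, u.Host
	}}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, err := url.Parse(r.Header.Get("X-CF-Forwarded-Url"))
		if err != nil || u.Host == "" {
			http.Error(w, "missing X-CF-Forwarded-Url", http.StatusBadRequest)
		} else if !allowed(r.Header.Get("X-Forwarded-For"), trustedHops, nets) {
			http.Error(w, "forbidden", http.StatusForbidden)
		} else {
			proxy.ServeHTTP(w, r)
		}
	})
}

func main() {
	_, office, _ := net.ParseCIDR("203.0.113.0/24") // constructed sample range
	// Assumption: one load balancer sits in front of the router, so trustedHops is 1.
	http.ListenAndServe(":"+os.Getenv("PORT"), filter([]*net.IPNet{office}, 1))
}
```

The allow-list lives entirely in this app, so the UAA behind it stays a vanilla deployment.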
